Everyone is excited about Google’s Lively, a browser-based 3D client. Some are calling it a Second Life killer. I agree Second Life is not the most secure platform out there, however Timeless Prototype spotted a potentially problematic issue around Lively and DEP.

But, if you’re running 32-bit Vista, you’ll find you might have to disable Data Execution Prevention (if you’re like me who enables it by default for all programs) for Lively’s client.exe just to get it to run. *cough*

Erm, that says to all hackers out there “target for buffer overflows” in big red writing

Cough indeed.

Data Execution Prevention (DEP) is a security feature included in modern Microsoft Windows operating systems that is intended to prevent an application or service from executing code from a non-executable memory region.

Data Execution Prevention goes a long way to mitigate buffer overflow exploits. Combined with Address Space Location Randomization the odds are heavily against the attacker’s code working successfully and will probably only result in the application crashing as opposed to the computer becoming under the control of the attacker.

It will be interesting to see Google’s response to this one. As I have learned in security work it usually just a matter of time. I do not recommend turning off DEP.

Popularity: 9% [?]

Share This